FIG. 3

| Item | Description | Value employed in the present IA |
|---|---|---|
| Version 1 | | |
| version | Version of the certificate format | V3 |
| serial Number | Serial number of the certificate assigned by the IA | Assigned in a serial fashion |
| signature algorithm Identifier: algorithm, parameters | Algorithm of the signature of the certificate and parameters thereof | Elliptic curve number/RSA; parameters when an elliptic curve is used; key length when RSA is employed |
| issuer | IA name (in a distinguished name form) | Name of the present IA |
| validity: notBefore, notAfter | Period during which the certificate is valid: start date, expiration date | |
| subject | Name which identifies the user | User device ID or ID of the service subject |
| subject Public Key Info: algorithm, subject Public key | Information of the public key of the user: algorithm of the key, key | Elliptic curve/RSA; public key of the user |
| Version 3 | | |
| authority Key Identifier: key Identifier, authority Cert Issuer, authority Cert Serial Number | Key identifier used in verification of the IA: key identification number (octal number); name of the IA (in a general name form); identification number | |
| subject key Identifier | Used when a plurality of keys are certified | Not used |
| key usage: (0) digital Signature, (1) non Repudiation, (2) key Encipherment, (3) data Encipherment, (4) key Agreement, (5) key CertSign, (6) cRL Sign | Specifying the purpose of the key: (0) for digital signature; (1) to prevent repudiation; (2) for encryption of the key; (3) for encryption of a message; (4) for use in transmission of a symmetric key; (5) used to verify the certificate; (6) used to verify the signature of the certificate revocation list | 0, 1, 4, or 6 is used |
| private Key Usage Period: notBefore, notAfter | Period during which the private key stored in the user is valid | Usage period is the same for the certificate, the public key, and the private key (default) |
| Certificate Policy: policy Identifier, policy Qualifiers | Certificate policy of the certificate authority: policy ID (according to ISO/IEC9834-1); certification criteria | |
| policy Mappings: issuer Domain Policy, subject Domain Policy | Required only when the CA is certificated. Mappings of the policy of the issuer domain policy and the subject domain policy are defined | default = none |
| supported Algorithms: algorithm Identifier, intended Usage, intended Certificate Policies | Attributes of the directory [illegible] are defined. Used to inform a receiving party of communication of the attributes the direction so that the receiving party can use the direction information | default = none |
| subject Alt Name | Alternative name of the user (in the form of GN) | not used |
| issuer Alt Name | Not used although this item is included in the certificate format (default = none) | default = none |
| subject Directory Attributes | Arbitrary attributes of the user | not used |
| basic Constraints | Specifies the public key to be certified | |
| cA, path Len Constraint | Indicates whether the public key is used by a user or by a certificate authority to write a signature | default = used by a user |
| name Constraints: permitted Subtrees, base, minimum, maximum, excluded Subtrees | Used only when the certification is to certify a certification authority (CA) | default = none |
| policy Constraints: require Explicit Policy, inhibit Policy Mapping | Constraints are described in terms of requirements of explicit policy ID or inhibit policy mapping for the remaining certification path | |
| CRL Distribution Points | Indicates a reference point in the revocation list at which data is present which indicates whether the certificate of a user is revoked | Pointer which points to a location where the certificate is registered. The revocation list is managed by an issuer |
| Signature | Signature of the issuer | |


| Item | Description |
|---|---|
| Indispensable Items | |
| Version | Version |
| Serial Number | Identification Number |
| signature algorithm Identifier: algorithm, parameters | Signature algorithm: algorithm, parameters |
| Issuer | Name of the identification authority (in the form of a distinguished name) |
| Validity: notBefore, notAfter | Period during which the certificate is valid: start date, expiration date |
| Subject | Name of the subject to be certificated (in a DN form) |
| subject Template Info: encrypt Type, encrypt Unique ID, encryption Algorithm, parameter, validity, subject Template Source, subject Template | Template information: encrypt Type; the unique ID or the certificate number of a public key certificate used for encryption; algorithm; parameter; validity period (start date, expiration date); type of the template; template |
| Extended Items | |
| subject PKC serial Number, subject PKC Unique ID | Information about the public key certificate of the subject: certificate number of the subject public key certificate; unique ID of the subject of the subject public key certificate |
| Issuer Unique ID | Unique ID of the issuer |
| Subject Unique ID | Unique ID of the subject |
| Public Key Certificate | Public key certificate |
| Issuer Alt Name | Alternative name of the issuer |
| subject Directory Attributes | Personal information (encrypted as required); information used to authenticate subject; age, sex, etc. |
| Valid Count | Number of times the certificate is allowed to be used |
| Control Table Link Info: Ctl Tbl Location, Ctl Tbl Unique ID | Link information describing group information: location of a link information control table (URL, IP address, etc.); identification number of the link information |
| Indispensable | |
| IDA Signature | Signature of the IDA |

FIG. 8A

FIG. 9

(START A TEMPLATE REGISTRATION PROCESS)
- USER CREATES A TEMPLATE USING A TEMPLATE DETECTOR OF THE IDA
- THE USER SUBMITS HIS/HER IDENTIFICATION DATA TO THE IDA
- THE USER SUBMITS ADDITIONAL INFORMATION (SUCH AS A PIN) TO THE IDA AS REQUIRED
- THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA (branches: OK; NG, ERROR HANDLING)
- THE IDA ASSIGNS AN IDENTIFICATION NUMBER TO THE RECEIVED DATA AND STORES IT IN A DATABASE
- THE IDA ENCRYPTS THE TEMPLATE USING A PUBLIC KEY OF THE IDA AND GENERATES AN IDC ON THE BASIS THEREOF
- END

Step labels shown: S11, S12

IDA: TEMPLATE RECEPTION; IDENTIFICATION DATA RECEPTION; CHECK THE RECEIVED DATA; ASSIGN AN ID TO THE RECEIVED DATA AND STORE IT IN THE DATABASE; GENERATE AN IDC
Other labels in the figure: CREATE A TEMPLATE DATA; SUBMIT IDENTIFICATION DATA; SUBMIT ADDITIONAL DATA

(START A TEMPLATE DELETION PROCESS)
- USER SUBMITS A TEMPLATE DELETION REQUEST TO THE IDA
- THE USER SUBMITS IDENTIFICATION DATA IDENTIFYING THE USER TO THE IDA
- THE USER SUBMITS ADDITIONAL INFORMATION (SUCH AS A PIN) TO THE IDA AS REQUIRED
- THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA (branch: NG, ERROR HANDLING)
- THE IDA DELETES THE REGISTERED TEMPLATE, IDENTIFICATION DATA AND ADDITIONAL DATA
- THE IDA DELETES THE IDC OF THE USER AND DESCRIBES, IN AN INVALIDATED IDC LIST, THAT THE IDC HAS BEEN INVALIDATED
- END

Step labels shown: S22, S23, S24, S25, S26, S27

IDA: TEMPLATE RECEPTION; IDENTIFICATION DATA RECEPTION; CHECK THE RECEIVED DATA; DELETE THE PERSONAL DATA; DESCRIBE THE INVALIDATION IN THE INVALIDATED IDC LIST
Other labels in the figure: SUBMIT A DELETION REQUEST, IDENTIFICATION DATA AND ADDITIONAL DATA

(START A TEMPLATE CHANGING PROCESS)
- A USER SUBMITS A TEMPLATE CHANGE REQUEST TO THE IDA
- THE USER CREATES A TEMPLATE USING A TEMPLATE DETECTOR OF THE IDA
- THE USER SUBMITS IDENTIFICATION DATA IDENTIFYING THE USER TO THE IDA
- THE USER SUBMITS ADDITIONAL INFORMATION (SUCH AS A PIN) TO THE IDA AS REQUIRED
- THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA (branch: OK; ERROR HANDLING)
- THE IDA DELETES A REGISTERED TEMPLATE
- THE IDA DELETES THE IDC OF THE USER AND DESCRIBES, IN THE INVALIDATED IDC LIST, THAT THE IDC HAS BEEN INVALIDATED
- THE IDA ASSIGNS AN IDENTIFICATION NUMBER TO THE RECEIVED NEW DATA AND STORES IT IN THE DATABASE
- THE IDA ENCRYPTS THE NEW TEMPLATE USING A PUBLIC KEY OF THE IDA AND GENERATES AN IDC ON THE BASIS THEREOF
- END

Step labels shown: S33, S34, S35, S36, S37, S40

Other labels in the figure: DELETE THE PERSONAL DATA; (6) DESCRIBE THE INVALIDATION IN THE INVALIDATED IDC LIST; ASSIGN AN ID TO THE RECEIVED NEW DATA AND; (8) GENERATE AN IDC; CHANGE REQUEST AND CREATE TEMPLATE DATA

FIG. 12

(START A TEMPLATE ADDITION PROCESS)
- A USER SUBMITS A TEMPLATE ADDITION REQUEST TO THE IDA
- THE USER CREATES A TEMPLATE USING A TEMPLATE DETECTOR OF THE IDA
- THE USER SUBMITS IDENTIFICATION DATA IDENTIFYING THE USER TO THE IDA
- THE USER SUBMITS ADDITIONAL INFORMATION (SUCH AS A PIN) TO THE IDA AS REQUIRED
- THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA (branches: OK; NG, ERROR HANDLING)
- THE IDA ASSIGNS AN IDENTIFICATION NUMBER TO THE RECEIVED NEW DATA AND STORES IT IN THE DATABASE
- THE IDA ENCRYPTS THE NEW TEMPLATE USING A PUBLIC KEY OF THE IDA AND GENERATES AN IDC ON THE BASIS THEREOF

Step labels shown: S42, S43, S44, S45, S46, S48

FIG. 13

(START A TEMPLATE SUSPENSION PROCESS)
- A USER SUBMITS A TEMPLATE SUSPENSION REQUEST TO THE IDA
- THE USER CREATES A TEMPLATE USING A TEMPLATE DETECTOR OF THE IDA
- THE USER SUBMITS ADDITIONAL INFORMATION (SUCH AS A PIN) TO THE IDA AS REQUIRED
- THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA (ERROR HANDLING)
- THE IDA SUSPENDS THE VALIDITY OF REGISTERED TEMPLATE, IDENTIFICATION DATA AND ADDITIONAL DATA
- THE IDA INVALIDATES THE IDC OF THE USER AND DESCRIBES, IN THE INVALIDATED IDC LIST, THAT THE IDC HAS BEEN INVALIDATED

Step labels shown: S54, S55

FIG. 14

START A PROCESS OF CANCELING SUSPENSION OF A TEMPLATE
- A USER SUBMITS A TEMPLATE RESUMPTION REQUEST TO THE IDA
- THE USER CREATES A TEMPLATE USING A TEMPLATE DETECTOR OF THE IDA
- THE USER SUBMITS ADDITIONAL INFORMATION (SUCH AS A PIN) TO THE IDA AS REQUIRED
- THE IDA CHECKS THE VALIDITY OF THE RECEIVED DATA (ERROR HANDLING)
- THE IDA CANCELS THE SUSPENSION OF THE REGISTERED TEMPLATE, IDENTIFICATION DATA AND ADDITIONAL DATA
- THE IDA CANCELS THE INVALIDATION OF THE IDC OF THE USER AND UPDATES THE INVALIDATED IDC LIST

Step labels shown: S66

Other labels in the figure: (2) CHECK THE RECEIVED DATA; (3) CANCEL THE SUSPENSION OF THE PERSONAL DATA; (4) UPDATE THE INVALIDATED IDC LIST

(START AN IDC DISTRIBUTION PROCESS)
- MAKE A CONTRACT BETWEEN AN SP AND AN IDA IN ADVANCE AND DETERMINE THE OPERATION RULE ACCORDING TO WHICH THE IDA PROVIDES SERVICES TO THE SP
- PERFORM MUTUAL AUTHENTICATION BETWEEN THE SP AND THE IDA (branches: OK; NG, ERROR HANDLING)
- THE SP TRANSMITS TO THE IDA AN IDC ISSUE REQUEST INCLUDING DATA INDICATING A USER NAME AND IDC POLICY
- THE IDA VERIFIES THE IDC ISSUE REQUEST (branches: OK; ERROR HANDLING)
- THE IDA SETS THE IDC POLICY IN ACCORDANCE WITH THE ISSUE REQUEST AND THE OPERATION RULE FOR THE SP
- RE-ENCRYPT, USING THE PUBLIC KEY OF THE SP, A TEMPLATE ENCRYPTED USING THE PUBLIC KEY OF THE IDA
- CREATE AN IDC IN ACCORDANCE WITH THE IDC POLICY
- THE IDA ISSUES THE IDC TO THE SP

Step labels shown: S72, S74, S75, S76

IDA: (4) VERIFY THE; SET THE IDC; ENCRYPT THE TEMPLATE USING
SP: (3) SEND A REQUEST
Other labels in the figure: MAKE A CONTRACT BEFOREHAND; PERFORM MUTUAL AUTHENTICATION; (7) ISSUE IDC

FIG. 16

(START AN IDC UPDATING PROCESS)
- MAKE A CONTRACT BETWEEN AN SP AND AN IDA IN ADVANCE AND DETERMINE THE OPERATION RULE ACCORDING TO WHICH THE IDA PROVIDES SERVICES TO THE SP
- THE SP TRANSMITS AN IDC UPDATING REQUEST TO THE IDA
- THE IDA SETS THE IDC POLICY IN ACCORDANCE WITH THE ISSUE REQUEST AND THE OPERATION RULE FOR THE SP

Branch labels shown: OK, NG
Step labels shown: S83

(START AN IDC DELETING PROCESS)

(START AN IDC INQUIRY PROCESS)

FIG. 21A

FIG. 24


| Item | Description |
|---|---|
| Indispensable Items | |
| Version | Version |
| Serial Number | Identification Number |
| signature algorithm Identifier: algorithm, parameters | Signature algorithm: algorithm, parameters |
| Issuer | Identification authority name (in the form of a distinguished name) |
| validity: notBefore, notAfter | Validity period: start date, expiration date |
| Subject | Subject Name (in a DN form) |
| subject IDA Info: subject IDA serial Number, subject IDA Unique ID | Information about the identification certificate of the subject: certificate number of the identification certificate of the subject; subject unique ID of the identification certificate of the subject |
| subject PKC info: subject PKC serial Number, subject PKC Unique ID | Information about the public key certificate of the subject: certificate number of the public key certificate of the subject; subject unique ID of the public key certificate of the subject |
| IDA Signature | Signature of IDA |

- A USER A ACCESSES A DEVICE B
- THE DEVICE B STARTS A PROCESS TO AUTHENTICATE THE USER A
- THE USER A INPUTS HIS/HER USER ID OR SAMPLING INFORMATION TO THE DEVICE B
- RETRIEVE THE IDENTIFICATION CERTIFICATE (IDC) ON THE BASIS OF THE USER ID OR SAMPLING INFORMATION
- ACQUIRE THE IDC OF THE USER A FROM THE IDENTIFICATION AUTHORITY (IDA) AND STORE THE ACQUIRED IDC IN THE DEVICE B
- AUTHENTICATE THE USER A ON THE BASIS OF THE IDC OF THE USER A
- IS THE AUTHENTICATION RESULT AFFIRMATIVE? (NO)
- THE DEVICE B RETRIEVES A PAIR OF A PUBLIC KEY AND A PRIVATE KEY APPLICABLE TO A SERVICE PROVIDER
- IS THE PAIR OF THE PUBLIC KEY AND THE PRIVATE KEY FOUND? (YES)
- NEWLY CREATE A PAIR OF A PUBLIC KEY AND A PRIVATE KEY
- REGISTER THE PUBLIC KEY IN THE CA, REQUEST THE CA TO ISSUE A PUBLIC KEY CERTIFICATE (PKC), AND STORE THE ACQUIRED PKC
- THE DEVICE B FORMS A LINK BETWEEN THE IDC AND THE PKC OF THE USER A (CREATES GROUP INFORMATION AND STORES IT) AND ADDS A SERVICE NAME (SERVICE IN WHICH THE IDC AND THE PKC ARE USABLE) TO THE LINK
- PERFORM MUTUAL AUTHENTICATION BETWEEN THE DEVICE B AND A SERVICE REGISTRATION SERVER AND SHARE A SESSION KEY
- IS THE RESULT OF THE MUTUAL AUTHENTICATION AFFIRMATIVE? (NO)
- PERFORM AUTHENTICATION OF THE USER A TO THE SERVICE REGISTRATION SERVER ON THE BASIS OF THE IDC
- ERROR
- UPON RECEIVING A REGISTRATION COMPLETION NOTIFICATION FROM THE SERVICE REGISTRATION SERVER, RECEIVE INFORMATION ABOUT USABLE SERVICES AND PKC'S OF USABLE CONTENTS DISTRIBUTION SERVERS
- PERFORM MUTUAL AUTHENTICATION BETWEEN THE USER A AND A CONTENTS DISTRIBUTION SERVER ON THE BASIS OF THE USER A'S PKC REGISTERED IN THE SERVICE REGISTRATION SERVER AND ON THE BASIS OF THE PKC OF THE CONTENTS DISTRIBUTION SERVER
- IS THE RESULT OF THE MUTUAL AUTHENTICATION AFFIRMATIVE? (NO)
- RECEIVE A CONTENT FROM THE CONTENTS DISTRIBUTION SERVER
- ERROR

Step labels shown: S801, S802, S803, S804, S807, S808, S812, S813, S814, S815

- A USER A ACCESSES A DEVICE B
- THE DEVICE B STARTS A PROCESS TO AUTHENTICATE THE USER A
- THE USER A INPUTS HIS/HER USER ID OR SAMPLING INFORMATION TO THE DEVICE B
- RETRIEVE THE IDENTIFICATION CERTIFICATE (IDC) ON THE BASIS OF THE USER ID OR SAMPLING INFORMATION
- ACQUIRE THE IDC OF THE USER A FROM THE IDENTIFICATION AUTHORITY (IDA) AND STORE THE ACQUIRED IDC IN THE DEVICE B
- AUTHENTICATE THE USER A ON THE BASIS OF THE IDC OF THE USER A
- IS THE AUTHENTICATION RESULT AFFIRMATIVE? (NO)
- THE DEVICE B RETRIEVES A PAIR OF A PUBLIC KEY AND A PRIVATE KEY APPLICABLE TO A SERVICE PROVIDER
- PERFORM MUTUAL AUTHENTICATION BETWEEN THE DEVICE B AND A SERVICE REGISTRATION SERVER AND SHARE A SESSION KEY
- IS THE RESULT OF THE MUTUAL AUTHENTICATION AFFIRMATIVE? (NO; YES)
- PERFORM AUTHENTICATION OF THE USER A TO THE SERVICE REGISTRATION SERVER ON THE BASIS OF THE IDC
- UPON RECEIVING A USAGE PERMISSION NOTIFICATION FROM THE SERVICE REGISTRATION SERVER, RECEIVE INFORMATION ABOUT USABLE SERVICES AND PKC'S OF USABLE CONTENTS DISTRIBUTION SERVERS
- PERFORM MUTUAL AUTHENTICATION BETWEEN THE USER A AND A CONTENTS DISTRIBUTION SERVER ON THE BASIS OF THE USER A'S PKC REGISTERED IN THE SERVICE REGISTRATION SERVER AND ON THE BASIS OF THE PKC OF THE CONTENTS DISTRIBUTION SERVER

Step labels shown: S852, S853, S857, S858

FIG. 80B

Labels in the figure:
- USER ID
- IDC
- USER'S TEMPLATE
- EXPIRATION DATE OF THE TEMPLATE
- NUMBER OF TIMES THE IDC IS ALLOWED TO BE USED
- SAM
- CERTIFICATE ID NUMBER
- NUMBER OF TIMES IDC IS USED

Reference numerals shown: 1019, 1020

(START AN IDC CHECKING PROCESS)
- A USER INPUTS HIS/HER USER ID AND SAMPLING DATA TO A PERSONAL DATA ACQUISITION UNIT
- IS THERE AN IDC OF THE USER?
- HAS THE EXPIRATION DATE OF THE TEMPLATE OF THE IDC NOT BEEN REACHED?
- HAS THE EXPIRATION DATE OF THE IDC NOT BEEN REACHED?
- IS THE MAXIMUM NUMBER OF TIMES THE IDC CAN BE USED DEFINED?
- EXTRACT THE NUMBER OF TIMES THE IDC HAS BEEN USED FROM THE SAM
- THE NUMBER OF TIMES THE IDC HAS BEEN USED [illegible]?
- EXTRACT THE TEMPLATE OF THE IDC AND COMPARE THE SAMPLING DATA WITH THE TEMPLATE
- IS THE MAXIMUM NUMBER OF TIMES THE IDC CAN BE USED DEFINED?
- DECREMENT THE VALUE OF THE DATA, STORED IN THE SAM, INDICATING THE NUMBER OF TIMES THE IDC HAS BEEN USED
- IS THE VALUE OF THE DATA, STORED IN THE SAM, INDICATING THE NUMBER OF TIMES THE IDC HAS BEEN USED EQUAL TO 0?
- DELETE THE IDC FROM THE SAM
- PERFORM A PROCESS DEPENDING UPON THE RESULT OF VERIFICATION

Other boxes in the figure: IDC ACQUISITION PROCESS (repeated); SET THE VALUE OF THE DATA IN THE SAM TO INDICATE THE MAXIMUM NUMBER OF TIMES THE IDC CAN BE USED
Branch labels shown: YES, NO
Step labels shown: S1001, S1002, S1005, S1007, S1011, S1012, S1014, S1016, S1017